Vulnerability Details CVE-2018-11106
NETGEAR has released fixes for a pre-authentication command injection in request_handler.php security vulnerability on the following product models: WC7500, running firmware versions prior to 6.5.3.5; WC7520, running firmware versions prior to 2.5.0.46; WC7600v1, running firmware versions prior to 6.5.3.5; WC7600v2, running firmware versions prior to 6.5.3.5; and WC9500, running firmware versions prior to 6.5.3.5.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.02
EPSS Ranking 83.1%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
- https://kb.netgear.com/000058243/Security-Advisory-for-Pre-Authentication-Command-Injection-in-request-handler-php-on-Some-Wireless-Controllers-PSV-2018-0051
- https://kb.netgear.com/000058243/Security-Advisory-for-Pre-Authentication-Command-Injection-in-request-handler-php-on-Some-Wireless-Controllers-PSV-2018-0051
Products affected by CVE-2018-11106
-
cpe:2.3:h:netgear:wc7500:-
-
cpe:2.3:h:netgear:wc7520:-
-
cpe:2.3:h:netgear:wc7600v1:-
-
cpe:2.3:h:netgear:wc7600v2:-
-
cpe:2.3:h:netgear:wc9500:-
-
cpe:2.3:o:netgear:wc7500_firmware:*
-
cpe:2.3:o:netgear:wc7520_firmware:*
-
cpe:2.3:o:netgear:wc7600v1_firmware:*
-
cpe:2.3:o:netgear:wc7600v2_firmware:*
-
cpe:2.3:o:netgear:wc9500_firmware:*